[Zope] Newbie: PayPal and Zope

Bill Anderson bill@libc.org
15 Jun 2001 17:33:15 -0600


On 15 Jun 2001 16:18:14 -0500, Anthony Monta wrote:
> Hi. I'm trying to set up a website that registers people for a conference. 
> I'd like to restrict access to the conference registry form to people who 
> have already paid to a PayPal account (i.e., registered). What's the most 
> effective way to do this?
> 
> The solution I've come up with so far (I'm not a programmer by profession) 
> is to have PayPal send customers who have paid to a dtml script that sets a 
> cookie value and then redirects the customer to a form viewable only if the 
> cookie has the correct value. But this model is insecure because there's 
> nothing to prevent someone who *hasn't* paid to PayPal from running the 
> script if they know what its URL is; and if I set some security block on it 
> in Zope, then it wouldn't run when people who *have* paid were directed 
> there. Obviously I'm missing something or just not looking in the right 
> place. Maybe PayPal's confirmation email could be used in some way?
>

Ask paypal, they have a method for payment confirmation. it isn't pretty, and I haven't done it in zope/python yet.